Friday, April 07, 2006

Obnoxious virus spam

I get a lot of spam, the majority of it intercepted by my anti-spam software (Spamfire for Mac/Win), and also a lot of viruses in my e-mail, most of them intercepted by my anti-virus software. As I tell my friends and family, you'd have to be crazy to be on the Internet without anti-virus software and current virus definitions. There are freebie anti-virus programs, such as ClamXav (Mac) or ClamWin (Win), and several commercial products; I don't have a particular recommendation, other than that you find one that you like and can live with (that doesn't crash or cripple your computer....) and keep it updated.

The virus spam I caught in my spam filter this morning, though, is noteworthy because it tries very hard to look like a legitimate e-mail.


To: (my e-mail address)
Subject: Returned mail: Data format error
Date: Fri, 7 Apr 2006 16:32:35 +0300

The original message was received at Fri, 7 Apr 2006 16:32:35 +0300 from []

----- The following addresses had permanent fatal errors -----
(my e-mail address)

icon text
The icon might be one you don't recognize; I just picked one from a library of free icons. Most people, though, use the "hide extensions" feature on their computers, which means you wouldn't see that the attached file is actually — a compressed archive file that could contain any kind of file at all. Sometimes the virus author gets even sneakier, giving the attached file a name like harmless.txt.exe because it will show up as "harmless.txt" when in fact it is a dangerous EXEcutable.

Bottom line: you may get legitimate "bounce" messages that look very much like the above virus-carrying example. How can you tell the legit from the viral? Simple — the legit bounce message has no reason to have any kind of file attached at all. Even if you sent a message that had attached files, they will probably not be returned with the bounce message.

My advice:
  1. Get anti-virus software with current virus definitions, and keep the def's updated regularly. Even Macs get viruses once in a while, besides which it's just neighborly to be sure we don't accidentally pass along a Windows virus to someone who's actually vulnerable to it.

  2. Be very suspicious of any e-mail file attachments. "I'll just click on this and see what it is" is right up there with "Gee, let's find out what's at the bottom of this abandoned mine shaft." Even if you come out alive, you're likely to have some nasty bruises and maybe a couple of broken bones.

  3. Switch to showing all file extensions, at least within your e-mail software. (This may be a matter of turning off "hide extensions.") It's a lot easier to see that a file is suspect if you see its true file extension — only the last one matters. Harmless.doc.xls.pdf.txt.jpg.bat is a Windows BATch file, which is a kind of executable.
If you take those simple precautions, you probably don't need the string of garlic around your computer screen or the crucifix guarding the hard disk, although the voodoo doll of the spammer virus author is still a good idea. (It doesn't hurt to know how to tell that the e-mail message actually came from a home DSL line somewhere in Latvia [eastern Europe], but that's rather a lot more work. Shame on you,, whoever you are.)

Technorati tags: , , ,